This blog describes how a vulnerability was identified in MicroWeber, an open-source Content Management System (CMS) written in PHP

elttam is an independent security company providing research-driven security assessment services. We combine pragmatism and deep technical insight to help our customers secure their most important assets.

In our previous post, we’ve explained the Local File Inclusion attack in detail, which you can read from here. I recommend, then, to revisit our

🐰 Managing command snippets for hackers/bug bounty hunters. with pet. - hahwul/hack-pet

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware. - nomi-sec/PoC-in-GitHub

Simple command-line snippet manager. Contribute to knqyf263/pet development by creating an account on GitHub.

“Those who rule data will rule the entire world.” - 孫正義

A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems. - hlldz/dazzleUP

PoC for CVE-2020-6287 The PoC in python for add user only, no administrator permission set. Inspired by @zeroSteiner from metasploit. Original Metasploit PR module: https://github.com/rapid7/metas...

A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks - GitHub - ra1nb0rn/avain: A Modular Framework for the Automated Vulnerability Analysis in IP-based Networks

Bug hunting through fuzzer/*-sanitizer/etc... Contribute to hardenedlinux/harbian-qa development by creating an account on GitHub.

Capture NamedPipe traffic using #Wireshark #ETW and the fabulous file sytem filter driver from @kobyk ! #Windows #Internal github.com/airbus-cert/Wi…

Here is POC of CVE-2020-3452, unauthenticated file read in Cisco ASA & Cisco Firepower. For example to read "/+CSCOE+/portal_inc.lua" file. https://<domain>/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../…

SAML Pentest and Implementaion demonstrates how insecure configurations combine to form a phishing attack that can give attackers access.

Task Scheduler service loads a non-existing DLL enabling persistence as `NT AUTHORITY\SYSTEM`.

Collection of pentesting scripts. Contribute to redcode-labs/Citadel development by creating an account on GitHub.

Estimated Reading Time: 9 minutes During the previous week, I was doing some research about win32 APIs and how we can use them during weaponizing our attack, I already did some work related to process injection in the past, but I was looking for something…